Sign-up

ID

VAR-201507-0521


CVE

CVE-2015-4233


TITLE

Cisco Unified MeetingPlace In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003351

DESCRIPTION

SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCuu54037. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-4233 // JVNDB: JVNDB-2015-003351 // BID: 75500 // VULHUB: VHN-82194

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.2\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.2)

Trust: 1.1

sources: BID: 75500 // JVNDB: JVNDB-2015-003351 // CNNVD: CNNVD-201507-013 // NVD: CVE-2015-4233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4233
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4233
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-013
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4233
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82194
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82194 // JVNDB: JVNDB-2015-003351 // CNNVD: CNNVD-201507-013 // NVD: CVE-2015-4233

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-82194 // JVNDB: JVNDB-2015-003351 // NVD: CVE-2015-4233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-013

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201507-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003351

PATCH
title:39570url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39570
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003351

EXTERNAL IDS
db:NVDid:CVE-2015-4233
Trust: 2.8
db:BIDid:75500
Trust: 1.4
db:SECTRACKid:1032766
Trust: 1.1
db:JVNDBid:JVNDB-2015-003351
Trust: 0.8
db:CNNVDid:CNNVD-201507-013
Trust: 0.6
db:VULHUBid:VHN-82194
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82194 // 
            
            
            
            BID: 75500 // 
            
            
            
            JVNDB: JVNDB-2015-003351 // 
            
            
            
            CNNVD: CNNVD-201507-013 // 
            
            
            
            NVD: CVE-2015-4233

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39570
Trust: 2.0
url:http://www.securityfocus.com/bid/75500
Trust: 1.1
url:http://www.securitytracker.com/id/1032766
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4233
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4233
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82194 // 
            
            
            
            BID: 75500 // 
            
            
            
            JVNDB: JVNDB-2015-003351 // 
            
            
            
            CNNVD: CNNVD-201507-013 // 
            
            
            
            NVD: CVE-2015-4233

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75500

SOURCES
db:VULHUBid:VHN-82194
db:BIDid:75500
db:JVNDBid:JVNDB-2015-003351
db:CNNVDid:CNNVD-201507-013
db:NVDid:CVE-2015-4233

LAST UPDATE DATE
2024-11-23T22:42:28.028000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82194date:2016-12-28T00:00:00
db:BIDid:75500date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003351date:2015-07-03T00:00:00
db:CNNVDid:CNNVD-201507-013date:2015-07-03T00:00:00
db:NVDid:CVE-2015-4233date:2024-11-21T02:30:41.090

SOURCES RELEASE DATE
db:VULHUBid:VHN-82194date:2015-07-02T00:00:00
db:BIDid:75500date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003351date:2015-07-03T00:00:00
db:CNNVDid:CNNVD-201507-013date:2015-07-03T00:00:00
db:NVDid:CVE-2015-4233date:2015-07-02T10:59:00.080